News

Infosecurity Magazine2d

Cursor Autorun Flaw Lets Repositories Execute Code Without Consent

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

Ledger CTO warns of shocking NPM attacks by crypto hackers

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...

Crypto stolen by hackers in largest NPM attack

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have been major targets of the breach. However, the hacker seems to have pocketed ...
Securities.io1d

NPM Supply-Chain Attack: What Happened and How to Fix It

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...